geode-issues mailing list archives

[jira] [Commented] (GEODE-397) When the server-ssl-* properties are configured, the client subscription socket can fail to be created

Date

Tue, 13 Oct 2015 17:18:05 GMT

[ https://issues.apache.org/jira/browse/GEODE-397?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14955294#comment-14955294
]
ASF subversion and git services commented on GEODE-397:
-------------------------------------------------------
Commit 7beba45f1f0bf126fd5e6750190dbdb5733d9c70 in incubator-geode's branch refs/heads/feature/GEODE-397
from [~dschneider]
[ https://git-wip-us.apache.org/repos/asf?p=incubator-geode.git;h=7beba45 ]
GEODE-397: Fix clients to use server ssl config
Each client pool now creates a single SocketCreator that
uses either the server or gateway ssl config.
That SocketCreator is used for all connections the client
makes to the server. It no longer uses the default cluster
SocketCreator when connecting to the server.
This fix might show some performance improvement because the
old code recreated the SocketCreator every time the client
created a server connection. Now it just happens once for each
pool.
Also since using SocketCreator.getDefaultInstance when it should
have used a non-default instance caused this bug all calls of
getDefaultInstance were reviewed. A number of them were used
to call isHostReachable which is a method that was deadcoded.
So all those calls have been commented out. One of call of
getDefaultInstance was deleted (in ConnectionTable) because it
was never used.
> When the server-ssl-* properties are configured, the client subscription socket can fail
to be created
> ------------------------------------------------------------------------------------------------------
>
> Key: GEODE-397
> URL: https://issues.apache.org/jira/browse/GEODE-397
> Project: Geode
> Issue Type: Bug
> Components: core
> Reporter: Darrel Schneider
> Assignee: Darrel Schneider
>
> The {{{CacheClientUpdater}}} (which creates the client subscription socket) uses the
default {{{SocketCreator}}} which is configured based on the {{{cluster-ssl-*}}} properties.
> If the {{{cluster-ssl-*}}} properties are configured in the client security properties,
the client subscription socket is created correctly. If, instead, the {{{server-ssl-*}}} properties
are configured, then the {{{CacheClientUpdater}}} will attempt to create the socket with value
of {{{cluster-ssl-enabled}}} (which will be false) instead of {{{server-ssl-enabled}}} (which
will be true) and fail.
> The messages logged in the client log are:
> {{{
> [warning 2015/10/05 18:41:46.487 PDT <main> tid=0x1] Cache Client Updater Thread
on boglesbymac(server1:85312)<v1>:13499 port 49848 (192.168.2.12:49848): Security exception
when creating server-to-client communication socket. com.gemstone.gemfire.security.AuthenticationRequiredException:
Server expecting SSL connection
> [error 2015/10/05 18:41:46.491 PDT <main> tid=0x1] Could not find any server to
create primary client queue on. Number of excluded servers is 1 and exception is no exception.
> [error 2015/10/05 18:41:46.491 PDT <main> tid=0x1] Could not initialize a primary
queue on startup. No queue servers available.
> }}}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)